
Windows 8.1 cannot find [Path] make sure you typed the name correctly


  • This topic is locked
2 replies to this topic

#1 tuan2212


Posted 14 October 2014 - 11:24 AM

- First I realized my Windows Defender is broken (deleted or something by a virus or trojan). Then I tried to install Avira, Kaspersky... but every installation gets halfway and then fails with an error. I tried some other antivirus programs; some do the same, some finish installing, but when I run the program, Windows pops up a message like "cannot find...(path), make sure you type the name correctly..."

- Now my computer is running ESET Smart Security, but it found no threats. What should I do? Please help. Thanks a lot.

- The FRST and aswMBR scan logs are below:

 

---------------------------------

FRST Scan - FRST.txt file

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Tuan (administrator) on SAB3R_PC on 15-10-2014 00:08:59
Running from D:\Setup files
Loaded Profile: Tuan (Available profiles: Tuan)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.05\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\KMS\KMS.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
() C:\Program Files\UniKey\UniKeyNT.exe
(BitTorrent Inc.) C:\Users\Tuan\AppData\Roaming\uTorrent\uTorrent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) D:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe
(Dropbox, Inc.) C:\Users\Tuan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(PowerISO Computing, Inc.) D:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Mischel Internet Security) D:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) D:\Setup files\aswMBR.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5694640 2013-08-17] (VIA)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [iTunesHelper] => E:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Razer Lachesis Driver] => C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe [838160 2012-12-21] (Razer USA Ltd)
HKLM-x32\...\Run: [PWRISOVM.EXE] => d:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-11-09] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [THGuard] => d:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe [1082832 2014-08-20] (Mischel Internet Security)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3941237695-4062913212-1180829105-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3825232 2014-02-05] (Tonec Inc.)
HKU\S-1-5-21-3941237695-4062913212-1180829105-1001\...\Run: [Messenger (Yahoo!)] => e:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3941237695-4062913212-1180829105-1001\...\Run: [UniKey] => C:\Program Files\UniKey\UniKeyNT.exe [316928 2009-11-02] ()
HKU\S-1-5-21-3941237695-4062913212-1180829105-1001\...\Run: [uTorrent] => C:\Users\Tuan\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-08] (BitTorrent Inc.)
HKU\S-1-5-21-3941237695-4062913212-1180829105-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-3941237695-4062913212-1180829105-1001\...\Run: [Skype] => D:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3941237695-4062913212-1180829105-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3941237695-4062913212-1180829105-1001\...\MountPoints2: I - "I:\Setup.exe" 
Startup: C:\Users\Tuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tuan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCE0E8619913ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Fshare Tool -> {957378C1-5359-4872-8803-FDBB4DB41A7A} -> d:\Program Files (x86)\Fshare Tool\Addon\FshareMonitor.dll (FPT Telecom)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F8157905-9A6A-4166-B7CB-2A79460E3634}: [NameServer] 8.8.8.8,4.4.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\fhz20e9e.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> d:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> d:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> e:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-10-14]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [hotro@fshare.vn] - d:\Program Files (x86)\Fshare Tool\Addon
FF Extension: Fshare Tool  - d:\Program Files (x86)\Fshare Tool\Addon [2014-10-07]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Tuan\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Tuan\AppData\Roaming\IDM\idmmzcc5 [2014-02-28]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Tuan\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR Profile: C:\Users\Tuan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tuan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-28]
CHR Extension: (Google Drive) - C:\Users\Tuan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tuan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Tuan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-28]
CHR Extension: (Adblock Plus) - C:\Users\Tuan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-28]
CHR Extension: (Google Search) - C:\Users\Tuan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-28]
CHR Extension: (Hangouts) - C:\Users\Tuan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-06-20]
CHR Extension: (Google Wallet) - C:\Users\Tuan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-28]
CHR Extension: (Gmail) - C:\Users\Tuan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-28]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-02-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2014-02-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2014-02-28] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2014-02-28] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.05\AsusFanControlService.exe [2005504 2014-02-28] (ASUSTeK Computer Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-28] (Intel Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
R2 KMS; C:\Windows\KMS\KMS.exe [32256 2014-01-04] () [File not signed]
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-22] (Nalpeiron Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [315008 2014-04-03] (Skype Technologies)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 TeamViewer9; d:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [4972864 2014-04-02] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-12] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-23] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-16] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-21] (MCCI Corporation)
S3 ASUSstpt; C:\Windows\System32\drivers\ASUSstpt.sys [27392 2013-03-29] (MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\drivers\ASUSumsc.sys [151808 2013-03-29] (MCCI Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
S0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
S3 lachesis35g; C:\Windows\System32\drivers\lachesis35g.sys [11776 2012-12-10] (Razer USA Ltd)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-05] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WinDivert1.1; C:\Windows\KMS\WinDivert.sys [35376 2013-12-04] (Basil Projects)
S4 avchv; No ImagePath
U3 aswMBR; \??\C:\Users\Tuan\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Tuan\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-14 23:38 - 2014-10-15 00:09 - 00000000 ____D () C:\FRST
2014-10-14 23:08 - 2014-10-14 23:08 - 00000000 ____D () C:\Users\Tuan\AppData\Roaming\ESET
2014-10-14 23:08 - 2014-10-14 23:08 - 00000000 ____D () C:\Users\Tuan\AppData\Local\ESET
2014-10-14 23:01 - 2014-10-14 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-10-14 23:01 - 2014-10-14 23:01 - 00000000 ____D () C:\ProgramData\ESET
2014-10-14 23:01 - 2014-10-14 23:01 - 00000000 ____D () C:\Program Files\ESET
2014-10-14 22:45 - 2014-10-14 22:45 - 00266083 _____ () C:\ProgramData\1413301477.bdinstall.bin
2014-10-14 18:50 - 2014-10-14 18:50 - 00000385 _____ () C:\Users\Tuan\AppData\Roaminguser_gensett.xml
2014-10-14 18:45 - 2014-10-14 18:45 - 00079192 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2014-10-14 18:45 - 2014-10-14 18:45 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll.upd
2014-10-14 18:38 - 2014-10-14 18:38 - 00001146 _____ () C:\Users\Tuan\Desktop\JRT.txt
2014-10-14 18:38 - 2014-10-14 18:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-14 18:34 - 2014-10-14 18:34 - 00000000 ____D () C:\Windows\ERUNT
2014-10-14 18:15 - 2014-10-14 23:27 - 00199702 _____ () C:\Windows\WindowsUpdate.log
2014-10-14 18:15 - 2014-10-14 18:15 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2014-10-14 18:15 - 2014-10-14 18:15 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-10-14 18:15 - 2014-10-14 18:15 - 00000000 ____D () C:\ProgramData\BDLogging
2014-10-14 18:14 - 2013-11-04 15:47 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2014-10-14 18:14 - 2013-11-04 15:47 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2014-10-14 18:14 - 2013-09-08 20:04 - 00023568 _____ (Bitdefender) C:\Windows\system32\Drivers\bdelam.sys
2014-10-14 18:14 - 2013-07-17 19:31 - 00261496 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-10-14 18:14 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2014-10-14 17:45 - 2014-10-14 17:45 - 00000000 ____N () C:\Windows\system32\bdsandboxuiskin32.dll
2014-10-14 17:45 - 2013-11-04 15:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll
2014-10-14 17:45 - 2013-11-04 15:46 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll
2014-10-14 17:44 - 2014-10-14 17:44 - 00000000 ____D () C:\Users\Tuan\AppData\Roaming\QuickScan
2014-10-14 17:42 - 2014-10-14 22:45 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-10-14 01:47 - 2014-10-14 01:47 - 00000000 ____D () C:\Users\Tuan\AppData\Roaming\TrojanHunter
2014-10-14 01:41 - 2014-10-14 01:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-10-14 00:52 - 2014-10-14 17:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-14 00:52 - 2014-10-14 17:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-14 00:37 - 2014-10-14 00:37 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll
2014-10-14 00:37 - 2014-10-14 00:37 - 00000803 _____ () C:\Users\Tuan\Desktop\TrojanHunter.lnk
2014-10-14 00:37 - 2014-10-14 00:37 - 00000000 ____D () C:\ProgramData\TrojanHunter
2014-10-14 00:37 - 2014-10-14 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2014-10-13 11:04 - 2014-10-13 11:04 - 00000000 ____D () C:\Users\Tuan\AppData\Roaming\TuneUp Software
2014-10-11 11:12 - 2014-10-11 11:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-11 10:56 - 2014-10-14 18:15 - 00000772 _____ () C:\Windows\setupact.log
2014-10-11 10:56 - 2014-10-14 12:38 - 00477772 _____ () C:\Windows\PFRO.log
2014-10-11 10:56 - 2014-10-11 10:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-11 10:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-11 10:53 - 2014-10-11 10:55 - 00000000 ____D () C:\AdwCleaner
2014-10-11 01:07 - 2014-10-11 01:07 - 00000504 _____ () C:\Users\Tuan\Documents\cc_20141011_010711.reg
2014-10-11 01:06 - 2014-10-11 01:06 - 00018434 _____ () C:\Users\Tuan\Documents\cc_20141011_010649.reg
2014-10-11 01:04 - 2014-10-11 01:04 - 00179618 _____ () C:\Users\Tuan\Documents\cc_20141011_010423.reg
2014-10-11 01:02 - 2014-10-11 01:02 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-11 01:02 - 2014-10-11 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-11 01:02 - 2014-10-11 01:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-10 11:38 - 2014-10-10 11:38 - 00004608 _____ () C:\Windows\SECOH-QAD.exe
2014-10-10 11:38 - 2014-10-10 11:38 - 00003584 _____ () C:\Windows\SECOH-QAD.dll
2014-10-10 11:31 - 2014-10-10 11:31 - 01512360 _____ (InfoHD-V2.2V10.10) C:\Users\Tuan\AppData\Roaming\DOHGKE.exe
2014-10-10 11:31 - 2014-10-10 11:31 - 00005184 _____ () C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-11.job
2014-10-10 11:31 - 2014-10-10 11:31 - 00004494 _____ () C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-4.job
2014-10-10 11:31 - 2014-10-10 11:31 - 00004158 _____ () C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-6.job
2014-10-10 11:31 - 2014-10-10 11:31 - 00004158 _____ () C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-3.job
2014-10-10 11:31 - 2014-10-10 11:31 - 00003814 _____ () C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-7.job
2014-10-10 11:31 - 2014-10-10 11:31 - 00003114 _____ () C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-1.job
2014-10-10 11:31 - 2014-10-10 11:31 - 00002446 _____ () C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-5_user.job
2014-10-10 11:31 - 2014-10-10 11:31 - 00002446 _____ () C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-5.job
2014-10-10 11:31 - 2014-10-10 11:31 - 00002110 _____ () C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-2.job
2014-10-10 11:31 - 2014-10-10 11:31 - 00001700 _____ () C:\Windows\Tasks\TJXWHHNG.job
2014-10-10 11:31 - 2014-10-10 11:31 - 00001352 _____ () C:\Windows\Tasks\DOHGKE.job
2014-10-10 11:31 - 2014-10-10 11:31 - 00000986 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-10-10 09:48 - 2014-10-10 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-07 19:08 - 2014-10-07 19:17 - 00000000 ____D () C:\Users\Tuan\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2014-10-07 19:08 - 2014-10-07 19:08 - 00002567 _____ () C:\Users\Tuan\Desktop\Windows 7 USB DVD Download Tool.lnk
2014-10-07 19:08 - 2014-10-07 19:08 - 00000000 ____D () C:\Users\Tuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2014-10-07 18:46 - 2014-10-07 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fshare Tool
2014-10-04 15:41 - 2014-10-04 15:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-04 15:40 - 2014-10-04 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Games
2014-10-02 15:31 - 2014-10-02 15:31 - 00000000 ____D () C:\Program Files\DIFX
2014-10-02 15:30 - 2014-10-02 15:30 - 00000000 ____D () C:\adb
2014-10-02 01:12 - 2014-10-02 01:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-09-30 12:12 - 2014-09-30 12:12 - 00000000 ____D () C:\Users\Tuan\AppData\Local\SKIDROW
2014-09-29 23:08 - 2014-09-29 23:08 - 00000000 ____D () C:\Users\Tuan\.android
2014-09-29 23:05 - 2014-09-29 23:05 - 00000000 ____D () C:\Users\Tuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2014-09-29 19:57 - 2014-10-14 17:31 - 00000000 ___RD () C:\Users\Tuan\Google Drive
2014-09-29 19:57 - 2014-09-29 19:57 - 00001732 _____ () C:\Users\Tuan\Desktop\Google Drive.lnk
2014-09-29 19:53 - 2014-09-29 19:53 - 00002058 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-09-29 19:53 - 2014-09-29 19:53 - 00002056 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-09-29 19:53 - 2014-09-29 19:53 - 00002046 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-09-29 19:53 - 2014-09-29 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-09-28 22:20 - 2014-09-28 22:20 - 00000000 ____D () C:\Users\Tuan\AppData\Local\Macromedia
2014-09-27 01:06 - 2014-10-11 01:08 - 00000000 ____D () C:\Windows\Minidump
2014-09-26 15:36 - 2014-09-26 15:36 - 00000000 ____D () C:\ProgramData\McAfee
2014-09-26 14:21 - 2014-10-10 11:31 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-26 14:21 - 2014-10-10 11:31 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-26 14:21 - 2014-09-26 14:22 - 00000000 ____D () C:\Users\Tuan\AppData\Roaming\Mozilla
2014-09-26 14:21 - 2014-09-26 14:21 - 00000000 ____D () C:\Users\Tuan\AppData\Local\Mozilla
2014-09-26 14:21 - 2014-09-26 14:21 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-26 14:21 - 2014-09-26 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-26 14:21 - 2014-09-26 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 16:09 - 2014-09-23 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spec Ops The Line
2014-09-23 14:29 - 2014-10-04 20:09 - 00000000 ____D () C:\Users\Tuan\Desktop\Games
2014-09-20 00:34 - 2014-09-20 00:34 - 00002153 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2014-09-20 00:34 - 2014-09-20 00:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-20 00:33 - 2014-09-20 00:34 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-09-20 00:33 - 2014-09-17 11:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-09-20 00:33 - 2014-09-17 11:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-09-20 00:33 - 2014-09-14 06:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 00834880 _____ () C:\Windows\system32\nvmcumd.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-09-20 00:33 - 2014-09-14 06:48 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-09-20 00:33 - 2014-09-14 03:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-09-20 00:33 - 2014-09-05 02:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-09-20 00:33 - 2014-09-05 02:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-09-18 19:05 - 2014-09-18 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dishonored
2014-09-18 18:46 - 2014-09-18 18:46 - 00000739 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2014-09-18 18:46 - 2014-09-18 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-09-18 18:46 - 2009-11-09 10:28 - 00091568 _____ (PowerISO Computing, Inc.) C:\Windows\system32\Drivers\scdemu.sys
2014-09-15 17:53 - 2014-09-15 17:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-15 16:12 - 2014-08-16 11:08 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-15 16:12 - 2014-08-16 11:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-09-15 16:12 - 2014-08-16 11:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-09-15 16:12 - 2014-08-16 10:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-15 16:12 - 2014-08-16 10:57 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-15 16:12 - 2014-08-16 10:57 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-09-15 16:12 - 2014-08-16 10:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-15 16:12 - 2014-08-16 10:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-09-15 16:12 - 2014-08-16 10:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-09-15 16:12 - 2014-08-16 08:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-09-15 16:12 - 2014-08-16 08:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-09-15 16:12 - 2014-08-16 07:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-09-15 16:12 - 2014-08-16 07:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-09-15 16:12 - 2014-08-16 07:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-09-15 16:12 - 2014-08-16 07:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-09-15 16:12 - 2014-08-16 07:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-09-15 16:12 - 2014-08-16 07:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-09-15 16:12 - 2014-08-16 07:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-09-15 16:12 - 2014-08-16 07:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-09-15 16:12 - 2014-08-16 07:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 16:12 - 2014-08-16 07:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-09-15 16:12 - 2014-08-16 07:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-09-15 16:12 - 2014-08-16 07:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-09-15 16:12 - 2014-08-16 07:20 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-09-15 16:12 - 2014-08-16 07:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 16:12 - 2014-08-16 07:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-09-15 16:12 - 2014-08-16 07:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-09-15 16:12 - 2014-08-16 07:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-09-15 16:12 - 2014-08-16 07:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-15 16:12 - 2014-08-16 07:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-09-15 16:12 - 2014-08-16 07:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-09-15 16:12 - 2014-08-16 07:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-15 16:12 - 2014-08-16 07:11 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-09-15 16:12 - 2014-08-16 07:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-09-15 16:12 - 2014-08-16 07:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-15 16:12 - 2014-08-16 07:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-15 16:12 - 2014-08-01 06:22 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-15 16:12 - 2014-07-24 22:28 - 00468288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-09-15 16:12 - 2014-07-24 18:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2014-09-15 16:12 - 2014-07-24 17:09 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-15 16:12 - 2014-07-24 16:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-15 16:11 - 2014-09-15 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-09-15 16:11 - 2014-09-15 16:11 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-09-15 16:11 - 2014-09-05 09:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-09-15 16:11 - 2014-09-05 09:31 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-15 16:11 - 2014-09-05 07:48 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-15 16:11 - 2014-08-23 14:48 - 02374784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-15 16:11 - 2014-08-23 14:13 - 02084520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-09-15 16:11 - 2014-08-23 13:10 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-15 16:11 - 2014-08-23 12:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-15 16:11 - 2014-08-23 11:44 - 02860032 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-15 16:11 - 2014-08-23 11:34 - 13423104 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-15 16:11 - 2014-08-23 11:33 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-09-15 16:11 - 2014-08-23 11:31 - 01038336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-15 16:11 - 2014-08-23 11:20 - 11818496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-15 16:11 - 2014-06-28 14:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-09-15 16:10 - 2014-08-29 08:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-09-15 16:10 - 2014-08-29 08:32 - 02779136 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-15 16:10 - 2014-08-29 07:59 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-15 16:10 - 2014-08-29 06:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-15 16:10 - 2014-08-29 06:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-15 16:10 - 2014-08-26 05:27 - 04148736 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-15 16:10 - 2014-08-15 07:36 - 00146752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2014-09-15 16:10 - 2014-08-07 09:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-15 16:10 - 2014-08-02 10:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-15 16:10 - 2014-08-02 07:18 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-15 16:10 - 2014-07-30 08:56 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2014-09-15 16:10 - 2014-07-29 12:22 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2014-09-15 16:10 - 2014-07-24 10:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-15 16:10 - 2014-07-24 10:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-15 16:10 - 2014-06-04 16:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-15 16:10 - 2014-06-04 12:31 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-15 16:10 - 2014-06-04 11:43 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-15 16:09 - 2014-07-12 11:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-15 00:07 - 2014-03-03 14:36 - 00000000 ____D () C:\Users\Tuan\AppData\Roaming\uTorrent
2014-10-15 00:00 - 2013-08-22 22:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-14 23:49 - 2014-02-28 14:59 - 00000000 ____D () C:\Users\Tuan\AppData\Roaming\Skype
2014-10-14 22:45 - 2013-08-22 20:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-14 19:33 - 2014-02-28 14:59 - 00000000 __SHD () C:\Windows\SysWOW64\Application Services
2014-10-14 18:58 - 2014-02-28 15:09 - 00000000 __SHD () C:\ProgramData\Application Services
2014-10-14 18:32 - 2013-08-22 22:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-14 18:25 - 2014-02-28 14:59 - 00000000 ____D () C:\Users\Tuan\AppData\Roaming\DMCache
2014-10-14 18:17 - 2014-02-28 13:27 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-14 17:32 - 2014-02-28 13:47 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-14 17:31 - 2014-03-05 10:10 - 00000000 ____D () C:\Users\Tuan\AppData\Roaming\Dropbox
2014-10-14 17:31 - 2014-02-28 13:28 - 00000000 ___DO () C:\Users\Tuan\SkyDrive
2014-10-14 17:30 - 2014-04-20 23:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-14 17:29 - 2014-09-03 19:17 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-10-14 15:05 - 2014-05-13 23:33 - 00000000 ____D () C:\Users\Tuan\AppData\Local\Viber
2014-10-14 15:01 - 2014-09-03 19:17 - 00000000 ____D () C:\Stinger_Quarantine
2014-10-14 12:39 - 2014-05-13 23:36 - 00000000 ____D () C:\Users\Tuan\AppData\Roaming\ViberPC
2014-10-14 12:38 - 2014-09-03 21:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-14 01:35 - 2013-08-22 20:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-13 11:08 - 2014-02-28 14:59 - 00000000 ____D () C:\Users\Tuan\AppData\Roaming\IDM
2014-10-11 01:08 - 2014-04-05 23:08 - 00000000 ____D () C:\Users\Tuan\AppData\Roaming\TeamViewer
2014-10-11 01:08 - 2014-02-28 13:18 - 00000000 ____D () C:\Windows\Panther
2014-10-10 09:48 - 2014-08-11 00:39 - 00000000 ____D () C:\Program Files (x86)\Skype
2014-10-10 09:48 - 2014-06-24 19:06 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-10 09:48 - 2014-06-24 19:06 - 00000000 ____D () C:\ProgramData\Skype
2014-10-09 00:11 - 2014-06-01 11:47 - 00000000 ____D () C:\ProgramData\Origin
2014-10-04 15:41 - 2014-05-02 22:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-02 15:24 - 2013-08-22 22:36 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-10-01 18:23 - 2014-02-28 13:27 - 00000000 ____D () C:\Users\Tuan
2014-09-30 12:12 - 2014-06-04 00:47 - 00000000 ____D () C:\Users\Tuan\Documents\My Games
2014-09-30 12:12 - 2014-04-22 23:45 - 00000000 ____D () C:\Users\Tuan\AppData\Roaming\NVIDIA
2014-09-29 19:53 - 2014-02-28 13:40 - 00000000 ____D () C:\Users\Tuan\AppData\Local\Google
2014-09-29 19:53 - 2014-02-28 13:40 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-26 15:41 - 2014-04-14 23:38 - 00000000 ____D () C:\Users\Tuan\AppData\Local\Adobe
2014-09-23 00:28 - 2014-05-13 23:36 - 00001111 _____ () C:\Users\Tuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2014-09-23 00:28 - 2014-05-13 23:36 - 00001103 _____ () C:\Users\Tuan\Desktop\Viber.lnk
2014-09-20 00:34 - 2014-04-20 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-20 00:34 - 2014-02-28 15:01 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-20 00:34 - 2014-02-28 14:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-18 11:40 - 2014-03-05 10:14 - 00001064 _____ () C:\Users\Tuan\Desktop\Dropbox.lnk
2014-09-18 11:40 - 2014-03-05 10:11 - 00000000 ____D () C:\Users\Tuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-18 01:01 - 2013-08-22 22:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-17 11:51 - 2014-04-20 23:37 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-09-17 09:10 - 2014-06-08 11:18 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-09-17 09:10 - 2014-06-08 11:18 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-09-17 09:10 - 2014-04-20 23:38 - 02799784 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-09-17 09:10 - 2014-04-20 23:38 - 02193560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-09-15 18:41 - 2014-03-09 14:55 - 00000000 ____D () C:\Users\Tuan\AppData\Roaming\Apple Computer
2014-09-15 17:54 - 2013-08-22 21:44 - 00602896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-15 17:53 - 2013-08-22 22:36 - 00000000 ___RD () C:\Windows\ToastData
2014-09-15 17:53 - 2013-08-22 22:36 - 00000000 ____D () C:\Windows\WinStore
2014-09-15 16:21 - 2014-02-28 14:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-15 16:21 - 2013-08-22 22:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-15 16:19 - 2014-02-28 14:59 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Files to move or delete:
====================
C:\Users\Tuan\AppData\Roaming\msconfig.ini
 
 
Some content of TEMP:
====================
C:\Users\Tuan\AppData\Local\Temp\4FasRJ.Difx64.exe
C:\Users\Tuan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5e54b9.dll
C:\Users\Tuan\AppData\Local\Temp\NW3Qp.difxapi.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-02-28 13:20
 
==================== End Of Log ============================

-------------------------------------------------
FRST Scan - Addition file
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
Ran by Tuan at 2014-10-15 00:09:18
Running from D:\Setup files
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
"Watch_Dogs" (HKLM-x32\...\{4F01FAA4-5688-4B10-B243-F8C67D279FA5}_is1) (Version: 0.1.0.1 (Update 1) - )
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.2 64-bit (HKLM\...\{54E6C675-3AD4-42E4-957F-31666ABF1603}) (Version: 5.2.1 - Adobe)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.02 - ASUSTeK Computer Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Color Efex Pro 4 (HKLM-x32\...\Color Efex Pro 4) (Version: 4.0.0.0 - Nik Software, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CrystalDiskMark 3.0.3a (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.3a - Crystal Dew World)
Dishonored version 5.1 (HKLM-x32\...\{B810D852-DFD6-DISOH-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{F7C525E7-659A-47F6-A25A-7A63FA10E767}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.2.413 - Foxit Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Fshare Tool version 4.7.2 (HKLM-x32\...\{0AA81912-18DE-4E3A-9CDB-BA60AB36AF50}_is1) (Version: 4.7.2 - www.Fshare.vn Groups)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: IDM 6.19 Build 1 - Copyright by Tonec Inc.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
LAV Filters 0.61.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.61.1 - Hendrik Leppkes)
LINE (HKLM-x32\...\LINE) (Version: 3.7.0.34 - LINE Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MPC-HC 1.7.3 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.3 - MPC-HC Team)
NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Control Panel 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Miracast Virtual Audio 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.6 - PowerISO Computing, Inc.)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.20 - Qualcomm Atheros Inc.)
Razer Lachesis 5600 (HKLM-x32\...\{B86EE1B4-85B7-4731-AA28-7262A722B3FE}) (Version: 3.03.00 - Razer USA Ltd.)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Spec Ops The Line version 1.02 (HKLM-x32\...\{75D84EF7-0D8C-4e70-SPCOPS-7B42A5D4E0EB}_is1) (Version: 1.02 - Black_Box)
SSDlife Pro (HKLM-x32\...\{3D843494-7DC4-47C9-9E95-3543F0A4E7BC}) (Version: 2.3.56 - BinarySense Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
Tom Clancy`s Ghost Recon Future Soldier / RePack by Baracuda (HKLM-x32\...\Tom Clancy`s Ghost Recon Future Soldier_is1) (Version: 1.8.130422 - )
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
TrojanHunter 5.6 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.6 - Bytelayer AB)
UniKey 4.0 RC2 (build 1101) (HKLM-x32\...\{AC006985-A51F-42AC-A7E9-5E66D8AC8063}_is1) (Version:  - Pham Kim Long)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Viber (HKCU\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3941237695-4062913212-1180829105-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tuan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3941237695-4062913212-1180829105-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tuan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3941237695-4062913212-1180829105-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tuan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3941237695-4062913212-1180829105-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tuan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3941237695-4062913212-1180829105-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tuan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3941237695-4062913212-1180829105-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tuan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3941237695-4062913212-1180829105-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tuan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3941237695-4062913212-1180829105-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tuan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3941237695-4062913212-1180829105-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tuan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 20:25 - 2014-04-14 23:37 - 00000852 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {035792A1-D4EF-4A78-BF9A-AA9628C281A3} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {12F55B38-36C1-49D7-8BD0-13279DBD34AC} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe [2012-07-24] (ASUSTeK Computer Inc.)
Task: {150F0FFE-E2CD-4325-B9AB-C409B33FAC8B} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-08] (ASUSTeK Computer Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2A933761-0420-407D-B63C-2BB6BE2A98DD} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-14] (ASUSTeK Computer Inc.)
Task: {2B6A369A-54E7-46D6-A5F6-CADBC9892122} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-10] ()
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {37202ACE-0BD5-4BE0-9D64-8C5271F12DCC} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {46FF76C3-8CE7-422B-B999-85752951192B} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {575AAB1A-EC39-4691-A00F-95E08F9502B3} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {72784EA6-6326-493D-B3C2-8140641698F0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {73C98DE2-1838-41A2-A38B-427393C829DD} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B826EF0A-052E-448B-B11E-5E30D169F1FC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-15] (Microsoft Corporation)
Task: {C8AAE308-B4A2-4B89-9560-B74920902FA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-28] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D001EC6C-66D1-4589-A244-6465FA4AA8D3} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EE5A22B4-86C0-4141-8580-97FA0C7792A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-28] (Google Inc.)
Task: {FE7521F6-5E9A-42A9-89BF-5DDDA8499DFC} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [2013-01-15] ()
Task: C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-1.job => C:\Program Files (x86)\HD-V2.2V10.10\HD-V2.2V10.10-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-11.job => C:\Program Files (x86)\HD-V2.2V10.10\c6995630-7005-4129-b6d4-59cff39b3aba-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-2.job => C:\Program Files (x86)\HD-V2.2V10.10\c6995630-7005-4129-b6d4-59cff39b3aba-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-3.job => C:\Program Files (x86)\HD-V2.2V10.10\c6995630-7005-4129-b6d4-59cff39b3aba-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-4.job => C:\Program Files (x86)\HD-V2.2V10.10\c6995630-7005-4129-b6d4-59cff39b3aba-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-5.job => C:\Program Files (x86)\HD-V2.2V10.10\c6995630-7005-4129-b6d4-59cff39b3aba-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-5_user.job => C:\Program Files (x86)\HD-V2.2V10.10\c6995630-7005-4129-b6d4-59cff39b3aba-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-6.job => C:\Program Files (x86)\HD-V2.2V10.10\c6995630-7005-4129-b6d4-59cff39b3aba-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\c6995630-7005-4129-b6d4-59cff39b3aba-7.job => C:\Program Files (x86)\HD-V2.2V10.10\c6995630-7005-4129-b6d4-59cff39b3aba-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\DOHGKE.job => C:\Users\Tuan\AppData\Roaming\DOHGKE.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8cec91c2367c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\TJXWHHNG.job => C:\Users\Tuan\AppData\Roaming\TJXWHHNG.exe <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{983C2611-8071-4132-A1E1-AF009CDC59A1}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-20 23:37 - 2014-09-14 04:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-28 13:44 - 2014-02-28 13:44 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-02-28 13:27 - 2014-01-04 18:52 - 00032256 _____ () C:\Windows\KMS\KMS.exe
2014-02-28 13:27 - 2013-12-04 03:01 - 00016896 _____ () C:\Windows\KMS\WinDivert.dll
2014-02-28 15:12 - 2012-11-15 06:22 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-02-28 15:12 - 2012-11-15 06:22 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-02-28 15:01 - 2009-11-02 15:43 - 00316928 _____ () C:\Program Files\UniKey\UniKeyNT.exe
2014-02-28 15:01 - 2009-11-02 15:43 - 00296960 _____ () C:\Program Files\UniKey\UKHook40.dll
2014-10-08 20:31 - 2014-10-01 12:03 - 01366856 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libglesv2.dll
2014-10-08 20:31 - 2014-10-01 12:03 - 00204616 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libegl.dll
2014-10-08 20:31 - 2014-10-01 12:03 - 10578248 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\pdf.dll
2014-10-08 20:31 - 2014-10-01 12:03 - 01859400 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\ffmpegsumo.dll
2014-10-08 20:31 - 2014-10-01 12:04 - 26697032 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\PepperFlash\pepflashplayer.dll
2014-02-13 11:58 - 2014-02-13 11:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-13 11:58 - 2014-02-13 11:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-28 13:44 - 2014-10-14 17:30 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-02-28 13:44 - 2010-06-30 01:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-10-14 17:31 - 2014-10-14 17:31 - 00098816 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\win32api.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00110080 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\pywintypes27.dll
2014-10-14 17:31 - 2014-10-14 17:31 - 00364544 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\pythoncom27.dll
2014-10-14 17:31 - 2014-10-14 17:31 - 00045568 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\_socket.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 01160704 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\_ssl.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00320512 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\win32com.shell.shell.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00713216 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\_hashlib.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 01175040 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\wx._core_.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00805888 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\wx._gdi_.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00811008 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\wx._windows_.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 01062400 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\wx._controls_.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00735232 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\wx._misc_.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00128512 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\_elementtree.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00127488 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\pyexpat.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00557056 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\pysqlite2._sqlite.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00007168 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\hashobjs_ext.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00087552 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\_ctypes.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00119808 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\win32file.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00108544 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\win32security.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00018432 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\win32event.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00038912 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\win32inet.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00070656 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\wx._html2.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00167936 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\win32gui.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00011264 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\win32crypt.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00027136 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\_multiprocessing.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00686080 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\unicodedata.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00122368 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\wx._wizard.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00010240 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\select.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00024064 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\win32pipe.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00025600 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\win32pdh.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00525640 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\windows._lib_cacheinvalidation.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00035840 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\win32process.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00017408 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\win32profile.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00022528 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\win32ts.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00078336 _____ () C:\Users\Tuan\AppData\Local\Temp\_MEI48922\wx._animate.pyd
2014-10-14 17:31 - 2014-10-14 17:31 - 00043008 _____ () c:\users\tuan\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5e54b9.dll
2013-08-24 02:01 - 2013-08-24 02:01 - 25100288 _____ () C:\Users\Tuan\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-28 14:24 - 2013-08-09 04:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
AlternateDataStreams: C:\Users\Tuan\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKCU\...\StartupApproved\Run: => "Messenger (Yahoo!)"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3941237695-4062913212-1180829105-500 - Administrator - Disabled)
Guest (S-1-5-21-3941237695-4062913212-1180829105-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3941237695-4062913212-1180829105-1003 - Limited - Enabled)
Tuan (S-1-5-21-3941237695-4062913212-1180829105-1001 - Administrator - Enabled) => C:\Users\Tuan
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/15/2014 00:09:21 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2014-11-09T04:38:21Z. Error Code: 0x80040154.
 
Error: (10/15/2014 00:08:51 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2014-11-09T04:38:51Z. Error Code: 0x80040154.
 
Error: (10/15/2014 00:08:21 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2014-11-09T04:38:21Z. Error Code: 0x80040154.
 
Error: (10/15/2014 00:07:51 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2014-11-09T04:38:51Z. Error Code: 0x80040154.
 
Error: (10/15/2014 00:07:21 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2014-11-09T04:38:21Z. Error Code: 0x80040154.
 
Error: (10/15/2014 00:06:51 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2014-11-09T04:38:51Z. Error Code: 0x80040154.
 
Error: (10/15/2014 00:06:21 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2014-11-09T04:38:21Z. Error Code: 0x80040154.
 
Error: (10/15/2014 00:05:51 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2014-11-09T04:38:51Z. Error Code: 0x80040154.
 
Error: (10/15/2014 00:05:21 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2014-11-09T04:38:21Z. Error Code: 0x80040154.
 
Error: (10/15/2014 00:04:51 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2014-11-09T04:38:51Z. Error Code: 0x80040154.
 
 
System errors:
=============
Error: (10/14/2014 11:02:35 PM) (Source: DCOM) (EventID: 10010) (User: SAB3R_PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (10/14/2014 11:02:04 PM) (Source: DCOM) (EventID: 10010) (User: SAB3R_PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (10/14/2014 11:01:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The ESET Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/14/2014 10:48:13 PM) (Source: DCOM) (EventID: 10010) (User: SAB3R_PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (10/14/2014 10:47:43 PM) (Source: DCOM) (EventID: 10010) (User: SAB3R_PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (10/14/2014 10:47:13 PM) (Source: DCOM) (EventID: 10010) (User: SAB3R_PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (10/14/2014 10:46:43 PM) (Source: DCOM) (EventID: 10010) (User: SAB3R_PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (10/14/2014 10:46:13 PM) (Source: DCOM) (EventID: 10010) (User: SAB3R_PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (10/14/2014 10:45:43 PM) (Source: DCOM) (EventID: 10010) (User: SAB3R_PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (10/14/2014 10:42:57 PM) (Source: DCOM) (EventID: 10010) (User: SAB3R_PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 30%
Total physical RAM: 8134.54 MB
Available physical RAM: 5640.95 MB
Total Pagefile: 16326.54 MB
Available Pagefile: 13625.44 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:59.28 GB) (Free:26.09 GB) NTFS
Drive d: (WD 01) (Fixed) (Total:90 GB) (Free:30.37 GB) NTFS
Drive e: (WD 02) (Fixed) (Total:420.75 GB) (Free:325.86 GB) NTFS
Drive f: (WD 03) (Fixed) (Total:420.75 GB) (Free:21.02 GB) NTFS
Drive h: () (Fixed) (Total:465.76 GB) (Free:100.29 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 9FBD9A8C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9E711A7A)
Partition 1: (Active) - (Size=90 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=420.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7F7AFFED)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=42)
 
==================== End Of Log ============================
 
 
 
-----------------------------
aswMBR Scan
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-14 23:48:45
-----------------------------
23:48:45.748    OS Version: Windows x64 6.2.9200 
23:48:45.748    Number of processors: 4 586 0x3A09
23:48:45.748    ComputerName: SAB3R_PC  UserName: Tuan
23:48:46.191    Initialize success
23:48:46.207    VM: initialized successfully
23:48:46.222    VM: Intel CPU BiosDisabled 
23:48:49.932    VM: supported disk I/O storport.sys
00:09:55.637    AVAST engine defs: 14101400
00:14:04.176    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002d
00:14:04.178    Disk 0 Vendor: M4-CT064M4SSD2 070H Size: 61057MB BusType: 11
00:14:04.179    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000002e
00:14:04.180    Disk 1 Vendor: WDC_WD10EZEX-00ZF5A0 80.00A80 Size: 953869MB BusType: 11
00:14:04.182    Disk 2  \Device\Harddisk2\DR2 -> \Device\0000002f
00:14:04.184    Disk 2 Vendor: Hitachi_HTS545050B9A300 PB4OC64G Size: 476940MB BusType: 11
00:14:04.193    Disk 0 MBR read successfully
00:14:04.195    Disk 0 MBR scan
00:14:04.200    Disk 0 Windows 7 default MBR code
00:14:04.203    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          350 MB offset 2048
00:14:04.210    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        60705 MB offset 718848
00:14:04.223    Disk 0 scanning C:\Windows\system32\drivers
00:14:09.705    Service scanning
00:14:10.476    Service avchv C:\Windows\system32\DRIVERS\avchv.sys **LOCKED**
00:14:20.674    Modules scanning
00:14:20.674    Disk 0 trace - called modules:
00:14:20.690    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll storahci.sys 
00:14:20.690    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00184267060]
00:14:20.707    3 CLASSPNP.SYS[fffff800630b827b] -> nt!IofCallDriver -> [0xffffe00183894040]
00:14:20.712    5 ACPI.sys[fffff800623717aa] -> nt!IofCallDriver -> \Device\0000002d[0xffffe00183895060]
00:14:20.837    AVAST engine scan C:\Windows
00:14:21.321    AVAST engine scan C:\Windows\system32
00:15:57.675    AVAST engine scan C:\Windows\system32\drivers
00:16:04.713    AVAST engine scan C:\Users\Tuan
00:18:01.073    AVAST engine scan C:\ProgramData
00:18:05.234    Scan finished successfully
00:20:42.156    Disk 0 MBR has been saved successfully to "D:\Setup files\MBR.dat"
00:20:42.160    The log file has been saved successfully to "D:\Setup files\aswMBR.txt"
 
 

 



#2 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 17 October 2014 - 07:03 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting crack sites/warez sites and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB
 

#3 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,357 posts

Posted 22 October 2014 - 09:50 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 
